Fix some mixed zone-type cases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6478 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
5b11cc9e6e
commit
52b878cb8b
@ -188,7 +188,7 @@ sub validate_policy()
|
|||||||
unless ( $clientwild || $serverwild ) {
|
unless ( $clientwild || $serverwild ) {
|
||||||
if ( $zones{$server}{type} eq 'bport4' ) {
|
if ( $zones{$server}{type} eq 'bport4' ) {
|
||||||
fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
|
fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
|
||||||
unless $zones{$client}{bridge} eq $zones{$server}{bridge};
|
unless $zones{$client}{bridge} eq $zones{$server}{bridge} || single_interface( $client ) eq $zones{$server}{bridge};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
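Review bot: The relaxed same-bridge test in validate_policy, `... || single_interface( $client ) eq $zones{$server}{bridge}`, is repeated verbatim in the process_rule1 hunk, and neither copy says why the exception is safe, so the two validation paths can drift apart on the next change. Add a comment above both, for example `# A SOURCE zone whose only interface is the bridge itself also counts as being on that bridge`, and consider moving the whole test into one predicate exported next to single_interface. single_interface returns `''` for a zone with several interfaces, so the new clause rejects such zones only while a bport4 zone's `bridge` entry is never empty; that invariant is assumed here and is not visible in the hunk. validate_policy starts and ends outside the hunk.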
@ -979,7 +979,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) {
|
|||||||
# Check for illegal bridge port rule
|
# Check for illegal bridge port rule
|
||||||
#
|
#
|
||||||
if ( $zones{$destzone}->{type} eq 'bport4' ) {
|
if ( $zones{$destzone}->{type} eq 'bport4' ) {
|
||||||
unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} ) {
|
unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} || single_interface( $sourcezone ) eq $zones{$destzone}{bridge} ) {
|
||||||
return 1 if $wildcard;
|
return 1 if $wildcard;
|
||||||
fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge";
|
fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge";
|
||||||
}
|
}
|
||||||
|
@ -40,6 +40,7 @@ our @EXPORT = qw( NOTHING
|
|||||||
zone_report
|
zone_report
|
||||||
dump_zone_contents
|
dump_zone_contents
|
||||||
haveipseczones
|
haveipseczones
|
||||||
|
single_interface
|
||||||
|
|
||||||
@zones
|
@zones
|
||||||
%zones
|
%zones
|
||||||
@ -377,4 +378,22 @@ sub dump_zone_contents()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# If the passed zone is associated with a single interface, the name of the interface is returned. Otherwise, the funtion returns '';
|
||||||
|
#
|
||||||
|
sub single_interface( $ ) {
|
||||||
|
my $zone = $_[0];
|
||||||
|
my $zoneref = $zones{$zone};
|
||||||
|
fatal_error "Internal Error in single_zone()" unless $zoneref;
|
||||||
|
|
||||||
|
{
|
||||||
|
no warnings;
|
||||||
|
if ( %{$zoneref->{interfaces}} == 1 ) {
|
||||||
|
( keys %{$zoneref->{interfaces}} )[0];
|
||||||
|
} else {
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
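Review bot: In single_interface, `%{$zoneref->{interfaces}} == 1` evaluates the hash in scalar context, which on Perl releases before 5.26 is a used/allocated bucket string such as `1/8` rather than the key count, so a zone whose two interfaces land in the same bucket can be reported as single-interface; the blanket `no warnings;` is what hides the resulting non-numeric warning. The bport4 checks in validate_policy and process_rule1 now depend on this result, so a miscount would let a source zone that is not confined to the bridge pass validation. Count the keys explicitly with `if ( keys %{$zoneref->{interfaces}} == 1 ) {`, which makes the `no warnings;` block unnecessary, and hand the value back with an explicit `return` instead of relying on the last evaluated expression. The guard message names `single_zone()` while the sub is `single_interface`; `fatal_error "Internal Error in single_interface()" unless $zoneref;` would match.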